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SEP 2 1 2009 

AMENDMENTS TO THE CLAIMS: 

Please cancel without prejudice claims 11, 13 and 20-22 and amend claims 17, 40 and 47 
as follows. 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1. (previously presented) Apparatus for processing data, said apparatus comprising: 

a processor operable in a plurality modes and a plurality of domains, said plurality of 
domains comprising a secure domain or a non-secure domain, said plurality of modes including; 
at least one secure mode being a mode in said secure domain; and 
at least one non-secure mode being a mode in said non-secure domain; wherein 

when said processor is executing a program in a secure mode said program has access to 
secure data which is not accessible when said processor is operating in a non-secure mode; 

said processor is resppnsive to one or more exception conditions for triggering exception 
processing using an exception handler, said processor configured to select said exception handler 
from among a plurality of possible exception handlers in dependence upon an exception vector 
value associated with said exception condition and stored within an active exception vector table 
for said exception condition and in dependence upon whether said processor is operating in said 
secure domain or said non-secure domain; wherein said active exception vector table is one of a 
plurality of exception vector tables, and at least two of said one or more exception conditions 
have respective programmable configurations associated therewith that control triggering of 
either a non-secure exception handler operating in a non-secure mode or a secure exception 
handler operating in a secure mode with any change of domain also being triggered when 
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required, wherein said processor is also operable in a monitor mode and any switching between a 
secure mode and a non-secure mode required for handling of an exception takes place via said 
monitor mode, said processor being operable at least partially in said monitor mode to execute a 
monitor program to manage switching between said secure mode and said non-secure mode; 

2. (original) Apparatus as claimed in claim 1, wherein at least one of said exceptions is a 
selectable exception handled by a selectable one of either a non-secure exception handler 
operating in a non-secure mode or a secure exception handler operating in a secure mode; and 

at least one of said exceptions is a dedicated secure exception that is handled by a secure 
exception handler operating in a secure mode. 

3. (cancelled). 

4. (original) Apparatus as claimed in claim 1, haying a secure exception is triggered by 
one of a signal on a dedicated secure exception signal input and a non-secure exception signal 
input. 

5. (original) Apparatus as claimed in claim 1 7 having an exception signal input shared 
between secure and non-secure exceptions and a further input signal cooperating with said 
exception signal input to control whether a secure exception handler or a non-secure exception . 
handler is triggered. 



-3- 



PAGE 411 9 ' RCVD AT 9/21/2O09 8:29:49 AM [Eastern Daylight Time] * SVR:USPTO-EFXRF-6/8 * DNIS:27383Q0 * CSID:703 816 4100 1 DURATION (mm-ss):O3-00 



NIKON & VANDERHYE PC3 Fax:703-816-4100 



Sep 21 2009 8:32 



P. 05 



WATT et aJ 
Appl.No. 10/714,519 
September 21 , 2009 

6. (original) Apparatus as claimed in claim 1, wherein said secure exception handler is 
part of a secure operating system operable in said secure mode. 

7. (original) Apparatus as claimed in claim 1, wherein said non-secure exception handler 
is part of a non-secure operating system operable in said non-secure mode. 

8. (cancelled). 

9. (previously presented) Apparatus as claimed in claim 1, wherein said monitor program 
is operable to save and restore context data defining processor status when switching between a 
secure mode and a non-secure mode to handle an exception. 

10. (previously presented) Apparatus as claimed in claim 1 3 wherein said processor 
includes a register bank and said monitor program is operable to flush at least a portion of said 
register bank shared between said secure mode and said non-secure mode when switching from 
said secure mode to said non-secure mode such that no secure data held within said register bank 
may pass from said secure mode to said non-secure mode other than as permitted by said monitor 
program. 

11. (cancelled). 

12. (cancelled). 
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13, (cancelled). 

14. (previously presented) Apparatus for processing data, said apparatus comprising: 
a processor operable in a plurality modes and a plurality of domains, said plurality of 

domains comprising a secure domain or a non-secure domain, said plurality of modes including: 
at least one secure mode being a mode in said secure domain; and 
at least one non-secure mode being a mode in said non-secure domain; wherein 

when said processor is executing a program in a secure mode said program has access to 
secure data which is not accessible when said processor is operating in a non-secure mode; 

said processor is responsive to one or more exception conditions for triggering exception 
processing using an exception handler, said processor configured to select said exception handler 
from among a plurality of possible exception handlers in dependence upon an exception vector 
value associated with said exception condition and stored within an active exception vector table 
for said exception condition arid in dependence upon whether said processor is operating in said 
secure domain or said non-secure domain; wherein said active exception vector table is one of a 
plurality of exception vector tables, and at least two of said one or more exception conditions 
have respective programmable configurations associated therewith that control triggering of 
either a non-secure exception handler operating in a non-secure mode or a secure exception 
handler operating in a secure mode with any change of domain also being triggered when 
required, wherein said processor is also operable in a monitor mode and any switching between a 
secure mode and a non-secure mode said plurality of exception vector is performed via said 
monitor mode. 
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15. (original) Apparatus as claimed in claim 14, wherein said plurality of exception 
vector tables include a monitor mode exception vector table. 

16. (original) Apparatus as claimed in claim 1 5, wherein said processor is responsive to 
one or more parameters specifying which of said exceptions should be handled by said monitor 
mode exception vector table, 

17. (currently amended) Apparatus as claimed in olai*n - l - 3 for processing data* said 
a pparatus comprising: 

a processor operable in a plurality modes and a plurality of domains, sai^ plurality of 
domains comprising a secure domain or a non-secure domain, said plurality of modes including: 
at least one secure mode being a mode in said secure domain; and 
at least one non-secure mode being a mode in said non-secure domain: wherein 

when said processor is executing a program in a secure mode said program has access to 
Secure data which is not accessible when said processor is operating in a non-secure mode: 

said processor is responsive to one 9r more exception conditions for triggering exception 
processing using an exception handler, said processor configured to select said exception handler 
from among a plurality of possible exception handlers in dependence upon an exception vector 
value associated with said exception condition and stored within an active exception vector table 
for said exception condition and in dependence upon whether said processor is operating in said 
secure domain or said non-secu re domain: wherein said active exception vector table is one of a 
plurality of exception vector tablel and at least two of said one or more exception conditions 
have respective programmable configurations associated therewith that control triggering of _ 



PAGE 7/19 * RCVD AT 9/21/2009 8:29:49 AM [Eastern Daylight Time] * SVR:USPTO-EFXRF-6/8 * DNIS:2738300 * CSID:703 816 4100 * DURATION (mm-ss):O3-O0 



NIXON & VANDERHYE PC3 Fax:703-816-4100 



Sep 21 2009 8:32 



P. 08 



WATT etal 

AppL No. 10/714,519 

September 21, 2009 

either a non-secure exception handler operating in a nonsecure mode or a secure exception 
handler operating in a secure mode with any change of domain also being triggered when 
required, wherein said plurality of exception vector tables include a secure exception vector table 
selectable in said secure mode and a non-secure exception vector table selectable in said non- 
secure mode, wherein said plurality of exception vector tables .include, a .monitor mode exception 
vector table and said processor is responsive to one or more parameters specifying which of said 
exceptions should be handled by said monitor mode exception vector table* w herein said secure 
vector table is said active vector table in said secure mode and said non-secure vector table is 
said active vector table in said non-secure mode unless said one or more parameters specify that 
said monitor mode exception vector table is said active vector table of said exception condition, 

1 8. (original) Apparatus as claimed in claim 1 6, wherein at least one of said parameters is 
stored in an exception trap mask. 

19. (original) Apparatus as claimed in claim 18, wherein said exception control register is 
writable when said processor is in said monitor mode and said exception trap mask register is 
non-writable when said processor is not in said non-secure domain. 

20. (cancelled). 

21. (cancelled), 

22. (cancelled). 
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23. (previously presented) Apparatus as claimed in claim 1, comprising a plurality of 
vector table base address pointer registers each storing a respective base address value for a 
corresponding one of said plurality of exception vector tables. 

24. (previously presented) A method of processing data, said method comprising the 
steps of: 

executing a program with a processor core operable . in a plurality of modes and a 
plurality of domains, said plurality of domains comprising a secure domain or a non-secure 
domain, said plurality of modes including: 

at least one secure mode being a mode in said secure domain; and 
at least one non-secure mode being a mode in said non-secure domain; wherein 
when said processor core is executing a program in a secure mode said program has 
access to secure data which is not accessible when said processor core is operating in a non- 
secure mode; and 

. in response to one or more exception conditions, triggering exception processing using an 
exception handler; said processor core configured to select said exception handler from among a 
plurality of possible exception handlers in dependence upon an exception vector value associated 
with said exception condition and stored within an active exception vector table for said 
exception condition and in dependence upon whether said processor core is operating is said 
secure domain of said non-secure domain; wherein said active exception vector table is one of a 
plurality of exception vector tables, and at least two of said one or more exception conditions 
have respective programmable configurations associated therewith that control triggering of 
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either a non-secure exception handler operating in a non-secure mode or a secure exception 
handler operating in a secure mode with any change of domain also being triggered when 
required, wherein said processor is also operable in a monitor mode and any switching between a 
secure mode and a non-secure mode required for handling of an exception takes place via said 
monitor mode, said processor being operable at least partially in said monitor mode to execute a 
monitor program to manage switching between said secure mode and said non-secure mode, 

25. (original) A method as claimed in claim 24, wherein at least one of said exceptions is 
a selectable exception handled by a selectable one of either a non-secure exception handler 
operating in a non-secure mode or a secure exception handler operating in a secure mode; and 

at least one of said exceptions is a dedicated secure exception that is handled by a secure 
exception handler operating in a secure mode, 

26. (cancelled). 

27. (original) A method as claimed in claim 24, having a secure exception signal input 
and a non-secure exception signal input. 

28. (original) A method as claimed in claim 24 having an exception signal input shared 
between secure and non-secure exceptions and a further input signal co-operating with said 
exception signal input to control whether a secure exception handler or a non-secure exception 
handler is triggered. 
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29. (original) A method as claimed in claim 24, wherein said secure exception handler is 
part of a secure operating system operable in said secure mode. 

30. (original) A method as claimed in claim 24, wherein said non-secure exception 
handler is part of a non-secure operating system operable in said non-secure mode. 

31. (cancelled). 

32. (previously presented) A method as claimed in claim 24, wherein said monitor 
program is operable to save and restore context data defining processor status when switching 
between a secure mode and a non-secure mode to handle an exception. 

33 . (previously presented) A method as claimed in claim 24, wherein said processor 
includes a register bank and said monitor program is operable to flush at least a portion of said 
register bank shared between said secure mode and said non-secure mode when switching from 
said secure mode to said non-secure mode such that no secure data held within said register bank 
may pass from said secure mode to said non-secure mode other than as permitted by said monitor 
program. 

34. (original) A method as claimed in claim 24, wherein said at least one exception 
conditions includes one of more of: 

a secure interrupt signal exception; 

a mode switching software interrupt signal; 
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a reset exception; 

an interrupt signal exception; 

a software interrupt signal; 

an undefined instruction exception; 

a prefetch abort exception; 

a data abort exception; and 

a fast interrupt signal exception. 

35. (cancelled). 

36. (previously presented) A method as claimed in claim 24, wherein said plurality of 
exception vector tables include a secure exception vector table selectable in said secure mode 
and a non-secure exception vector table selectable in said non-secure mode. 

37. (previously presented) A method of processing data, said method comprising the 
steps of: 

executing a program with a processor core operable in a plurality of modes and a 
plurality of domains, said plurality of domains comprising a secure domain or a non-secure 
domain, said plurality of modes including: 

at least one secure mode being a mode in said secure domain; and 

at least one non-secure mode being a mode in said non-secure domain; wherein 
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when said processor gore is executing a program in a secure mode said program has 
access to secure data which is not accessible when said processor core is operating in a non- 
secure mode; and 

in response to one or more exception conditions, triggering exception processing using an 
exception handler; said processor core configured to select said exception handler from among a 
plurality of possible exception handlers in dependence upon an exception vector value associated 
with said exception condition and stored within an active exception vector table for said 
exception condition and in dependence upon whether said processor core is operating is said 
secure domain of said rion-secure domain; wherein said active exception vector table is one of a 
plurality of exception vector tables, and at least two of said one or more exception conditions 
have respective programmable configurations associated therewith that control triggering of 
either a non-secure exception handler operating in a non-secure mode or a secure exception 
handler operating in a secure mode with any change of domain also being triggered when 
required, wherein said processor is also operable in a monitor mode and any switching between a 
secure mode and a non-secure mode said plurality of exception vector is performed via said 
monitor mode. 

38. (original) A method as claimed in claim 37, wherein said plurality of exception vector 
tables include a monitor mode exception vector table. 

39, (original) A method as clainjed in claim 37, wherein said processor is responsive to 
one or more parameters specifying which of said exceptions should be handled by said monitor 
mode exception vector table. 
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40. (currently amended) A method as claimed in claim 36, wherein said plurality of 
exception vector tables include a monitor mode exception vector table and said prqcessor is 
responsive to one or more parameters specifying which of said exceptions should be handled by 
said monitor mode exception vector table, wherein said secure vector table is said active vector 
table in said secure mode and said non-secure vector table is said active vector table in said non- 
secure mode unless said one or more parameters specify that said monitor mode exception v ector 
table is said active vector table of said exception condition. 

41 . (original) A method as claimed in claim 39, wherein at least one of said parameters is 
stored in an exception trap mask register, 

42. (original) A method as claimed in claim 41, wherein said exception control register is 
writable when said processor is in said monitor mode and said exception trap mask register is 
non- writable when said processor is not in said monitor mode. 

43. (original) A method as claimed in claim 36, wherein said secure exception vector 
table is writable when said processor is in a secure mode and said secure exception vector table 
is non- writable when said processor is in a non-secure mode. 

44. (original) A method as claimed in claim 36, wherein a secure exception handler that 
is part of a secure operating system is used said secure mode, 
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45. (original). A method as claimed in claims 36, wherein a non-secure exception handler 
that is part of a non-secure operating system is used said non-secure mode. 

46. (previously presented) A method as claimed in claim 24, comprising storing within a 
plurality of vector table base address registers respective base address values for corresponding 
ones of said plurality of exception vector tables, 

47. (currently amended) A computer program product comprising a computer readable 
storage medium containing computer readable instructions that when executed control a data 
processing apparatus in aeooFdanoQ wit h accordin^ to the method of claim 24. 
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